IUDEV test list: Difference between revisions

From OpenSFS Wiki
Jump to navigation Jump to search
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 105: Line 105:
! Check result
! Check result
|-
|-
|rowspan="3"|1. Null GSSAPI Mechanism
! scope="row" rowspan="3"|1. Null GSSAPI Mechanism
|1.1
|1.1
|Server-side null mechanism
|Server-side null mechanism
Line 121: Line 121:
|gssd authentication succeeds
|gssd authentication succeeds
|-
|-
|scope="row" rowspan="3"|2. Shared Key Null Security Flavor
! scope="row" rowspan="3"|2. Shared Key Null Security Flavor
|2.1
|2.1
|Lustre daemons with null flavor
|Lustre daemons with null flavor
Line 137: Line 137:
|File system operations succeed
|File system operations succeed
|-
|-
|rowspan="3"|3. Shared Key GSSAPI Mechanism
! scope="row" rowspan="3"|3. Shared Key GSSAPI Mechanism
|3.1
|3.1
|Server-side shared key mechanism
|Server-side shared key mechanism
Line 152: Line 152:
|Attempt authentication to above gssds
|Attempt authentication to above gssds
|gssd authentication succeeds
|gssd authentication succeeds
|
|-
! scope="row"|4. Userspace Key-Generation Tool
|4.1
|Generate key
|Attempt to generate a shared key using the userspace key generation tool
|Key is generated and looks sane
|-
! scope="row"|5. Server-Side Key Loading Method
|5.1
|Load server-side key
|Attempt to load a shared key into the Lustre server using theprovided lctl method
|Key is loaded with no errors
|-
! scope="row"|6. Client-Side Key Loading Method
|6.1
|Load client-side key
|Attempt to load a shared key into the Lustre client using theprovided lctl method
|Key is loaded with no errors
|-
! scope="row" rowspan="5"|7. Shared Key Integrity Security Flavor
|7.1
|Start Lustre daemons with ski
|Attempt to start Lustre daemons with shared key integrity (ski) security flavor selected
|Lustre daemons start and stay running with no errors
|-
|7.2
|Mount file system with ski
|Attempt to mount a Lustre filesystem using the ski security flavor
|File system is mounted with no errors
|-
|7.3
|Mount with ski with bad key
|Attempt to mount a filesystem with ski with an incorrect or missing key
|File system fails to mount and throws bad key error
|-
|7.4
|File system operations with ski flavor
|Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with the ski security flavor selected
|File system operations succeed
|-
|7.5
|No encryption over network
|Simulate a network eavesdropper by extracting a file data packet from the network layer, and ensure a match for the actual file data is found in the packet
|Data can successfully be read off network (encryption was not performed)
|-
! scope="row" rowspan="5"|8. Shared Key Privacy and Integrity Security Flavor
|8.1
|Start Lustre daemons with skpi
|Attempt to start Lustre daemons with shared key privacy and integrity (skpi) security flavor selected
|Lustre daemons start and stay running with no errors
|-
|8.2
|Mount file system with skpi
|Attempt to mount a Lustre filesystem using the skpi security flavor
|File system is mounted with no errors
|-
|8.3
|Mount with skpi and bad key
|Attempt to mount a filesystem with skpi with an incorrect or missing key
|File system fails to mount and throws bad key error
|-
|8.4
|File system operations with skpi flavor
|Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with the skpi security flavor selected
|File system operations succeed
|-
|8.5
|Encryption over network
|Simulate a network eavesdropper by extracting a file data packet from the network layer, and ensure no match for the actual file data is found in the packet
|Data cannot be read off network
|}

Latest revision as of 10:57, 2 August 2013

ID Mapping

Number Name Description Check result
1 Load nodemap.ko Simple test to ensure that the module loads correctly and creates a default nodemap. nodemap.ko load is tested by lsmod, check for expectedproc entries.
2 Create nodemaps Create 20 distinctly named nodemaps and test that the required procentries exist. nodemaps are created, check for expected proc entries
3 Reject duplicate nodemaps Attempt to recreate the nodemaps from test 2, and fail so that there are no duplicate nodemaps nodemap creations should fail, check return value from lctl, check for expected proc entries
4 Create non-overlapping ranges in all non-default nodemaps Create 20 partitioned ranges in each nodemap from test 2 Check for expected entries in the nodemap ranges procfile
5 Reject overlapping ranges in all non-default nodemaps Attempt to create ranges in all nodemaps that conflict withpre-existing ranges check return value from lctl, check nodemap ranges file for duplicates
6 Reject adding ranges to the default nodemap Attempt to create ranges in the default nodemap. check return value of lctl
7-10 Change allowed values in the default nodemap Change the allowed settings for the default cluster (admin_cluster,trusted_cluster, squash_uid and squash_gid). check proc files for expected values
11 Add uid/gid maps to non-default nodemap Create 200 uidmaps and 200 gidmaps check proc uidmap and gidmap files for expected values
12 Add uid/gid maps to default nodemap Check that lctl rejects setting uid and gid maps for the default nodemap check lctl return value
* For each nodemap, run the following tests with each nodmap in this configuration:

[active = {0,1} X admin_cluster = {0,1} X trusted_cluster = {0,1} Xsquash_uid = {99, 50} X squash_gid = {99, 50}]

* Check existing uid and gid mappings for non-default nodemaps check for proper mapping value
* Check non-existing uid and gid mappings for non-defualt nodemaps check for squashed values
* Check uid and gid mapping for default nodemap check for default squashed values
14 Remove some uid/gid maps from each non-default nodemap test values for proper mapping
15 Remove some ranges from each non-default nodemap test values for proper mapping
16 Remove a nodemap test values for proper mapping
17 Remove nodemap.ko Check that nodemap.ko unloads

Shared Key Privacy and Integrity

Section Number Name Description Check result
1. Null GSSAPI Mechanism 1.1 Server-side null mechanism Attempt to start server-side gssd with null mechanism selected gssd starts and stays running with no errors
1.2 Client-side null mechanism Attempt to start client-side gssd with null mechanism selected gssd starts and stays running with no errors
1.3 gssd null authentication Attempt authentication to above gssds gssd authentication succeeds
2. Shared Key Null Security Flavor 2.1 Lustre daemons with null flavor Attempt to start Lustre daemons with null security flavor selected Lustre daemons start and stay running with no errors
2.2 Mount with null flavor Attempt to mount file system with null security flavor selected File system is mounted with no errors
2.3 File system operations with null flavor Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with null security flavor selected File system operations succeed
3. Shared Key GSSAPI Mechanism 3.1 Server-side shared key mechanism Attempt to start server-side gssd with shared key mechanism selected gssd starts and stays running with no errors
3.2 Client-side shared key mechanism Attempt to start client-side gssd with shared key mechanism selected gssd starts and stays running with no errors
3.3 gssd null authentication Attempt authentication to above gssds gssd authentication succeeds
4. Userspace Key-Generation Tool 4.1 Generate key Attempt to generate a shared key using the userspace key generation tool Key is generated and looks sane
5. Server-Side Key Loading Method 5.1 Load server-side key Attempt to load a shared key into the Lustre server using theprovided lctl method Key is loaded with no errors
6. Client-Side Key Loading Method 6.1 Load client-side key Attempt to load a shared key into the Lustre client using theprovided lctl method Key is loaded with no errors
7. Shared Key Integrity Security Flavor 7.1 Start Lustre daemons with ski Attempt to start Lustre daemons with shared key integrity (ski) security flavor selected Lustre daemons start and stay running with no errors
7.2 Mount file system with ski Attempt to mount a Lustre filesystem using the ski security flavor File system is mounted with no errors
7.3 Mount with ski with bad key Attempt to mount a filesystem with ski with an incorrect or missing key File system fails to mount and throws bad key error
7.4 File system operations with ski flavor Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with the ski security flavor selected File system operations succeed
7.5 No encryption over network Simulate a network eavesdropper by extracting a file data packet from the network layer, and ensure a match for the actual file data is found in the packet Data can successfully be read off network (encryption was not performed)
8. Shared Key Privacy and Integrity Security Flavor 8.1 Start Lustre daemons with skpi Attempt to start Lustre daemons with shared key privacy and integrity (skpi) security flavor selected Lustre daemons start and stay running with no errors
8.2 Mount file system with skpi Attempt to mount a Lustre filesystem using the skpi security flavor File system is mounted with no errors
8.3 Mount with skpi and bad key Attempt to mount a filesystem with skpi with an incorrect or missing key File system fails to mount and throws bad key error
8.4 File system operations with skpi flavor Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with the skpi security flavor selected File system operations succeed
8.5 Encryption over network Simulate a network eavesdropper by extracting a file data packet from the network layer, and ensure no match for the actual file data is found in the packet Data cannot be read off network